diff options
| author | Felix Fietkau | 2026-01-31 16:56:53 +0000 |
|---|---|---|
| committer | Felix Fietkau | 2026-01-31 17:00:50 +0000 |
| commit | 1bbb60184d1f25b369b26802d199ac4c85af3111 (patch) | |
| tree | 5145a20aaf6ddf5ea587ee0c1e3e5f717f30bb28 | |
| parent | 9d496dfb984dc645560bb86e5012de29e5efcc6f (diff) | |
| download | linusw-master.tar.gz | |
The ucode wifi-scripts unconditionally set ieee80211w=1 for psk-sae
and eap-eap2 auth types, ignoring any user-configured value. This
caused ieee80211w=2 (MFP required) to be silently downgraded to 1
(MFP optional) when using sae-mixed encryption.
Change the logic to only set the default of 1 when ieee80211w is not
already configured by the user.
Fixes: https://github.com/openwrt/openwrt/issues/21751
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| -rw-r--r-- | package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc | 3 | ||||
| -rw-r--r-- | package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc index 4585998d30..5771e0e2df 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc @@ -90,7 +90,8 @@ function iface_auth_type(config) { } if (config.auth_type in [ 'psk-sae', 'eap-eap2' ]) { - config.ieee80211w = 1; + if (!config.ieee80211w) + config.ieee80211w = 1; if (config.rsn_override) config.rsn_override_mfp = 2; config.sae_require_mfp = 1; diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc index 6d65b5b248..a1daf041a1 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc @@ -60,7 +60,7 @@ function setup_sta(data, config) { if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) config.ieee80211w = 2; - else if (config.auth_type in [ 'psk-sae' ]) + else if (config.auth_type in [ 'psk-sae' ] && !config.ieee80211w) config.ieee80211w = 1; if ((wildcard(data.htmode, 'EHT*') || wildcard(data.htmode, 'HE*')) && config.rsn_override) |